What is claimed is:

1. A communication control method for controlling communication between
devices on a predetermined network by using a communication control apparatus
located on the same level as that of devices on the network, the method comprising:

determining at least a cut-off object device of which communication is needed
to be cut off, according to a set communication control rule; and

providing an address resolution protocol (ARP) packet in which a data link
layer address is manipulated, to the cut-off object device,

wherein the cut-off object device is controlled to transmit its data packets to
manipulated abnormal addresses, and by doing so, communication by the cut-off
object device is cut off.



2. The communication control method of claim 1, further comprising:
transmitting an ARP packet including normal address information to a device which is
in a communication cut-off state although the device is not an object of communication
cut-off any more, such that the communication cut-off state is canceled.

3. The communication control method of claim 1, further comprising: setting part
or all of the data link layer addresses of the cut-off object devices to the data link layer
address of the communication control apparatus or a third data link layer address that is
not of the cut-off object devices, such that communication between cut-off object
devices is cut off.

4. The communication control method of claim 1, further comprising: if there is
collision between the Internet protocol (IP) address of a device newly connected to the
predetermined network and the IP addresses of existing devices, transferring a correct IP
address to the existing devices in a unicast method such that the collision of the IP
address is prevented.

5. The communication control method of claim 1, further comprising: collecting
network layer addresses and data link layer addresses of network internal devices for
which the communication control rule is set.



6. The communication control method of claim 5, wherein the step of collecting
addresses is performed by a first method in which the communication control apparatus
receives an ARP packet broadcast by a device in the network in order to communicate
with any other device in the network, and detects a network layer address and a data
link layer address included in the packet, and/or by a second method in which based on
the address of an administration object device which is manually input by a network
administrator, the communication control apparatus transmits an ARP request packet
and detects a network layer address and a data link layer address from an ARP reply
packet transmitted by the administration object device in response to the ARP request
packet.

7. A communication control method for controlling communication between
devices on a predetermined network, the method comprising:

collecting network layer addresses and data link layer addresses existing in the
network, by a communication control apparatus;

storing communication control rules, which are set to perform desired
communication control for collected addresses by a network administrator, in a
communication control rule database (DB);

detecting an address resolution protocol (ARP) packet transmitted by a device
in the network in order to communicate with another device in the network;

determining whether or not the detected ARP packet corresponds to a
communication cut-off object, by referring to the communication control rule DB; and

if the packet corresponds to the communication cut-off object, transmitting an
ARP for communication cut-off, wherein communication between network internal
devices can be selectively controlled when necessary.

8. The communication control method of claim 7, wherein collecting the
addresses is performed by a first method in which the communication control apparatus
receives an ARP packet broadcast by a device in the network in order to communicate
with any other device in the network, and detects a network layer address and a data
link layer address included in the packet, and/or by a second method in which based on
the address of an administration object device which is manually input by a network
administrator, the communication control apparatus transmits an ARP request packet
and detects a network layer address and a data link layer address from an ARP reply
packet transmitted by the administration object device in response to the ARP request
packet.

9. The communication control method of claim 7, wherein the objects of setting
the communication control rule include communication between network layer 
addresses, communication between data link layer addresses, and communication 
between a network layer address and a data link layer address. 

10. The communication control method of claim 7, wherein the objects of setting
the communication control rule further include communication between network layer
address and network layer address groups, communication between data link layer
address and data link layer address groups, communication between network layer
addresses and data link layer address groups, communication between data link layer
addresses and network layer address groups, and communication between network layer
address groups and data link layer address groups.

11. The communication control method of claim 7, wherein when a reception side
address is an object of cut-off, a cut-off packet is transmitted to the 'same addresses' as
the reception protocol address.

12. The communication control method of claim 7, wherein when a transmission
side address is an object of cut-off, a cut-off packet is transmitted to 'all' protocol-data
link layer addresses belonging to the same network as that of the transmission side
protocol.

13. The communication control method of claim 7, further comprising: if a
network internal device transmits an ARP reply packet in response to the ARP request
packet transmitted by the communication control apparatus, retrieving a relation rule
by using a transmission side address included in the detected reply packet, and if the
retrieval result indicates that there is a cut-off rule for the transmission side address,
transmitting a cut-off packet to all protocol-data link layer address DBs (DB-3)
belonging to the same network as that of the transmission side protocol.

14. The communication control method of claim 7, further comprising: for a 
device which is in a communication cut-off state although the device is not an object of 
communication cut-off any more with detection of a network layer packet, transmitting 
an ARP packet for canceling the communication cut-off state. 



15. The communication control method of any one of claims 7 and 14, further
comprising: by referring to the communication control rule DB at regular time interval,
transmitting an ARP request packet for communication cut-off/canceling
communication cut-off according to a communication control rule registered in the DB.

16. The communication control method of claim 7, further comprising: if a
reception side data link layer address is a cut-off address and there is a packet
forwarding rule for the address, forwarding the received protocol layer packet with
having the destination address of the received protocol layer packet as a normal data
link layer address.

17. The communication control method of claim 7, further comprising: if there is
collision between the Internet protocol (IP) address of a device newly connected to the
predetermined network and the IP addresses of existing devices, transferring a correct IP
address to the existing devices in a unicast method such that the collision of the IP
address is prevented.

18. A communication control apparatus which is located on the same level as that
of devices on a predetermined network; provides an environment where an
administrator of the network can set a communication control rule capable of cutting off
communication between the devices when necessary; while administering the set
communication control rules in a database, provides an ARP packet in which the data
link layer address is manipulated, to the devices that are set as the objects of
communication cut-off, such that data packets transmitted by the communication cut-off
object devices are made to be transmitted to a manipulated abnormal address; and by
doing so, cuts off communication between the communication cut-off object devices.
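
An added example, not part of the patent text: a passive Python monitor that follows the collecting, detecting and determining steps of claim 7 with rule objects as in claim 9, and also flags an IP address announced with a different data link layer address, which is how the manipulated ARP packet of claim 1 appears to an observer. The `Monitor` class, the rule format and the sample frames built by `build_frame` are assumptions constructed for illustration; nothing is transmitted.

```python
import struct
from ipaddress import IPv4Address

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_mac, target_ip) or None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType must be ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet/IPv4 only
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, mac(sha), str(IPv4Address(spa)), mac(tha), str(IPv4Address(tpa))

def build_frame(op, smac, sip, tmac, tip):
    """Constructed sample Ethernet+ARP frame (test data only, never sent)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    eth = b"\xff" * 6 + m(smac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + m(smac) + IPv4Address(sip).packed + m(tmac) + IPv4Address(tip).packed

class Monitor:
    def __init__(self, rules):
        self.rules = rules    # assumed rule DB: set of (sender_key, target_key)
        self.bindings = {}    # collected table: IP -> MAC

    def observe(self, frame):
        """Collect the sender binding, then classify the ARP packet."""
        arp = parse_arp(frame)
        if arp is None:
            return "ignored"
        op, smac, sip, tmac, tip = arp
        known = self.bindings.setdefault(sip, smac)
        if known != smac:
            return "conflict"  # same IP announced with a different MAC
        tmac_known = self.bindings.get(tip)   # resolve target MAC from the table
        for s in (sip, smac):                 # keys may be IP or MAC, so IP-IP,
            for t in (tip, tmac_known):       # MAC-MAC and IP-MAC rules all match
                if t and (s, t) in self.rules:
                    return "cut-off"
        return "allow"

if __name__ == "__main__":
    mon = Monitor({("10.0.0.5", "10.0.0.9")})
    print(mon.observe(build_frame(1, "aa:aa:aa:aa:aa:05", "10.0.0.5",
                                  "00:00:00:00:00:00", "10.0.0.9")))
```

The "conflict" result keeps the first binding seen for an address, so a later packet carrying a changed data link layer address does not overwrite the collected table.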